SMART Board Mini (the “SMART Board Mini”) Privacy Policy
Introduction
The following information explains our privacy policy (the “Policy”) and practices of SMART Technologies ULC (together with its subsidiaries, collectively "SMART", “we” or “us”) regarding the collection, use, and disclosure of your personal information. This Policy makes clear what information we collect from you, how we use and disclose it, and how you can help manage it. SMART is devoted to making sure your privacy rights are respected, and personal data is collected and used in accordance with the current and applicable privacy and data protection laws.
SMART supports numerous privacy laws including the European Union’s General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA). We currently offer American and European data storage for user-created content and are satisfied our out-of-region user data processors provide appropriate safeguards for the data they handle. The SMART Board Mini is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. Therefore, the Children's Online Privacy Protection Act (COPPA) does not apply to the SMART Board Mini.
About SMART Board Mini
The SMART Board® Mini is an interactive display designed to facilitate collaboration and engagement in various settings, including classrooms and workplaces. It allows users to interact with digital content through touch and stylus input, supporting features such as handwriting recognition, digital annotation, and wireless connectivity. The device may integrate with third-party applications, cloud services, and networked systems to enhance functionality.
By using the SMART Board Mini, you have one-touch access to a full suite of SMART education and third-party applications by connecting to an external computer. The SMART Board Mini works with your computer to provide a reliable interactive experience. You do not need to log-in, and no data is stored locally on your SMART Board Mini.
Updates
Our ability to make timely changes is fundamental to delivering superior software to you. Sometimes, material updates will require us to change our Terms, and we will notify you of these changes. If our updates do not erode or diminish your rights or obligations under these Terms we may update them without notice.
Opting out or removing personal information and data retention
We do not sell your data, and we do not share personal data with third parties without your consent. A list of the third parties we share data to provide our services to you are detailed below.
SMART will only keep personal data for as long as required to provide the service, or to comply with statutory requirements. When the personal data collected is no longer required by us, we and our service providers will perform the necessary procedures for destroying, deleting, erasing, or converting it into an anonymous form as permitted or required under applicable laws.
You may request deletion of your SMART account at any time by e-mailing privacy@smarttech.com or contacting our support department. SMART will respond to customer requests to delete personal data within 30 days. Inactive unpaid accounts are deleted after two (2) years.
If you would like to request that your personal information be provided to you for your review, be removed from our services, or be updated, please contact privacy@smarttech.com.
Your rights
Subject to applicable law, including exceptions, you have the following rights with regard to the personal data that we collect about you:
- right to ask what personal data we have about you and how we use;
- right to request a copy of the personal data that we hold about you;
- right to request that we correct or amend your personal data;
- right to data portability;
- right to request deletion of your personal data; and
- right to ask us to stop or limit how we process your personal data.
To protect your privacy and security, we may need to verify your identity before acting on certain requests, to the extent permitted by law. If someone is making the request on your behalf (like an authorized agent) and they don’t provide proof of authority (such as a power of attorney), we may ask for additional evidence, like written authorization, or contact you directly to confirm the request.
If you would like to exercise your rights regarding your personal data, you can do so by:
- emailing your request to us at: privacy@smarttech.com
- contacting us by postal mail at:
+1.403.245.0333
Notification of Breach
If SMART becomes aware of a personal data breach, it shall without undue delay, and where feasible, no later than 72 hours after having become aware of it, notify the affected customer and the supervisory authority (if it was for data where SMART was the Data Controller) in accordance with Article 33 of the GDPR, unless the data breach is unlikely to result in a risk to the rights and freedoms of natural persons. SMART’s communication of a breach shall be in clear and plain language and contain a minimum of:
- Contact details of the Data Protection Officer or other contact person,
- A description of the nature of the breach,
- Likely consequences of the breach,
- Advice on steps data subjects can take to protect themselves, and
- The measures SMART has taken or proposes to take to address the breach
SMART has an internal incident response plan in place to promptly and effectively address any security incidents involving personal data. This plan outlines procedures for identifying, assessing, containing, investigating, and mitigating data breaches to minimize risks to individuals and ensure compliance with applicable data protection laws.
Data security
SMART's business processes are designed and applied to appropriately safeguard your personal information, having regard to the sensitivity and use of that information. Nevertheless, such security measures may not prevent all loss, misuse or alteration of personal information provided to SMART, and SMART is not responsible for any damages or liabilities relating to any such security failures. By using our services, you understand that there is a risk that data and communications, including e-mail and other electronic communications, may be accessed by unauthorized third parties when communicated over the Internet. The foregoing does not affect any liability which cannot be excluded or limited under applicable law.
If you have any questions or concerns regarding the security measures applied to collection, use or disclosure of your personal information please contact us.
If you are using a service that involves third party elements, please review the policies of such third-party service providers as they relate to security and data protection.
Encryption
We encrypt all your credentials and separate them from your personally identifiable information. We do not store any of your login credentials, including passwords as these are managed by our single-sign-on (SSO) providers.
Changes to the policy
We reserve the right to update this Privacy Policy from time to time to reflect changes to our products and services, operations, or to meet new legal and regulatory requirements. Any material amendments will be communicated to customers 30 days in advance and become binding once posted online.
Data types
It is important to remember that customers and users are two distinct groups. Typically, a SMART customer is an organization (government, business, school, etc.) and not an individual end user (i.e., business person, teacher, student, etc.). Our users are generally not the ones who purchased or setup a trial of the product or service from SMART; our users are accessing the SMART product or service because the customer has granted them access.
We collect two types of data, depending on your interaction with us:
“Non-Personal Data” means aggregated non-identifiable information, which may be made available or gathered via your access to and interactions with our services. We are not aware of the identity or other identifiers of the individual from which the Non-Personal Data is collected. The Non-Personal Data being collected may include aggregated usage information, as well as technical information transmitted by your device, such as the type of browser or device, type of operation system, device settings and technical software data, etc.
“Personal Data” or “Personal Information” means individually identifiable information, namely information that identifies a natural person (not a corporation) or may, with reasonable effort, be used to identify a natural person.
We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a person's health (“Special Categories of Personal Data”).
Required data that SMART processes for customers
| Processor | Country Data is Processed/Stored | Purpose | Data Collected/Processed |
|---|---|---|---|
| SMART Technologies ULC | Canada | Required. When the SMART Board® Mini is used, it automatically reports the following categories of non-PII back to SMART so we can determine if the product needs an automatic update (over the air (OTA) and from what server to deliver that update from. |
All Users (anonymous):
|
| Blue Ocean Contact Centers, Inc. | Canada |
Live Customer Support |
All Callers (identifiable):
|
| Call Miner | Canada |
Support Optional. Processing for telephone interactions (option to opt-out of call recordings), required for e-mail. Call Miner is a sub-processor providing omnichannel interaction analytics powered by AI and machine learning. Call Miner analyzes customer support interactions, including recorded calls and e-mails, which are temporarily stored in CallMiner. The metadata is retained in CallMiner for analysis of the customer experience and trending information regarding the interactions between agent and customer |
Identifiable:
|
| Gainsight, Inc. | USA |
Customer Communications Required if you opt-in to receive marketing communications. Applicable only to North American Customers. We use Gainsight, which is a customer relationship management (CRM) tool, for e-mail (name, e-mail address, company information) marketing to individuals and organizations. |
Identifiable account and purchase information |
| Google, LLC | USA |
Marketing & Support Required if you opt-in to receive marketing communications. Used to create a lookalike audience who may be interested in SMART because they are similar to individuals that have already expressly opted in to receive certain communications, such as marketing, SMART solutions, events and special offers. Required if you use the optional method of on-line customer support via Google Forms. Only used for processing of support forms. Google Forms are also used when a purchaser is engaged with our Field Services (i.e., onsite support). |
Identifiable contact information |
| HubSpot Germany GmbH | Germany |
Required customer communications. Required. We use HubSpot, which is a customer relationship management (CRM), for certain communications, such as customer transactional e-mails, outreach, and training. |
Identifiable account and purchase information |
| USA |
Marketing Required if you opt-in to receive marketing communications. |
Identifiable contact information |
|
| Meta Platforms, Inc. | USA |
Marketing Required if you opt-in to receive marketing communications. |
Identifiable contact information |
| Microsoft, Inc. | Canada |
Processing, Back-Office
Required for our enterprise resource planning (ERP) system, which is software to manage the day-to-day business activities such as accounting, procurement, project management and supply chain operations, as well as our e-mail (Outlook), Confluence, PowerBI® (data visitation), Azure DevOps, and SharePoint® (document management), as well as all the other standard Microsoft Office software titles, like Word, Excel, and PowerPoint. |
Identifiable account and purchase information |
| Outreach Corporation | USA |
Marketing Required if you opt-in to receive marketing communications. |
Identifiable account and purchase information |
| Salesforce.com, Inc | USA |
Ordering, Marketing, Channel Support Required order information (product, quantity, price and tax, delivery). Required for our customer relationship management (CRM). Required to allow our authorized distributors and resellers to work together with SMART. Basic customer and purchase information is shared between SMART and its authorized distributors and resellers. |
Identifiable account and purchase information |
| SMART Authorized Distributors, Resellers and SMART’s Regional Office(s) | Global |
Ordering and Support |
Identifiable account information
Order information
|
| Snowflake, Inc. | Canada |
Processing, Back-Office Required. Snowflake aggregates and centralizes SMART’s customer data from multiple sources (Salesforce, Microsoft Dynamics, HubSpot, Oracle/OBIEE, Pivotal). Required for processing and back-office. |
Identifiable account and purchase information |
Contact us
If you have any questions or concerns related to this Privacy Policy or the processing of your Personal Data, you may contact our privacy team as follows: